Amendments to the claims: 



1. (currently amended) A method of enforcing security policies in a data access system, said 
method comprising: 

defining a first action as a condition; 

determining that a second action should not take place if said condition occurs; 

storing a rule for use by said data access system, said rule precluding said second action; and

upon occurrence of said condition, placing said rule into data access management
software in said data access system.

2. (original) The method of claim 1 wherein said condition is effectuation of a first transaction by 
a user and said second action is the effectuation of a related transaction by the same user. 

3. (original) The method of claim 1 wherein said condition is effectuation of a first
transaction by a first user in a particular role, and said second action is the effectuation of a second
transaction by a second user in a second role, the roles being either the same or different.

4. (original) The method of claim 3 wherein the role of the first user and that of the second 
user are different. 

5. (currently amended) The method of claim 2 wherein the condition is effective temporarily
and then is rescinded.

6. (original) The method of claim 2 wherein a user attempting to effectuate said related 
transaction is informed of said condition and advised automatically that said second action is 
prohibited pending the relinquishment of the condition. 

7. (original) The method of claim 2 wherein said first action is the ordering of goods or
services and said second action is the payment for such goods or services.

8. (currently amended) Apparatus for enforcing security policies to increase security of data
access management software, said apparatus comprising:

a file of rules, said rules only being applicable to prevent specified data transactions by a
first user upon the effectuation of specified transactions to modify the data by said first user;

software for recognizing that said first user has effected said transaction; and

means for reading said file, locating said rules to prevent said specified data transactions,
and, upon occurrence of a specified action of said first user, integrating said rules into said data
access management software such that said specified database transactions are prohibited.

9. (original) Apparatus of claim 8 further comprising means for eliminating the rule
from the data access management software at the conclusion of a predetermined time or upon a
predetermined condition.

10. (currently amended) A method of enforcing confidentiality in the form of a wall
comprising the steps of:

storing at least one rule that prohibits a known party from accessing specified information
in a database or file if a first specified condition occurs;

upon said first specified condition occurring, modifying data access management
software to include said rule that prohibits said known party from accessing said specified
information in a database or file;

said first specified condition being indicative of said known party having knowledge of a
particular set of information; and

upon a second specified condition occurring, removing said rule and storing said rule for
future use, said second specified condition indicating that said knowledge is no longer sensitive.



11. (original) The method of claim 10 wherein said rule is generated from a template rule.

12. (original) The method of claim 11 wherein said known party is defined as any individual
engaged in a predetermined role.

13. (currently amended) The method of claim 10 wherein said known party is notified of
the occurrence of said second condition.

14. (original) The method of claim 13 wherein said notification is via email. 

15. (original) The method of claim 10 wherein said knowledge is no longer sensitive because 
it has been made public or because a predetermined time has passed. 

16. (original) The method of claim 1 wherein said rule is generated from a template rule. 

17. (currently amended) The method of claim 10 wherein some other individual, not the
known party, is notified of the occurrence of said second condition.

18. (currently amended) The method of claim 17 wherein said notification is via e-mail.

1 9. (currently amended) The method of claim 2 IJ. wherein some other individual, not the ttser 
known party , is notified of the occurrence of said second condition. 

20. (currently amended) The method of claim 19 wherein said notification is via e-mail.

21. (cancelled) 

22. (currently amended) The method of claim i U wherein another individual, not the
known party, is notified when the known party attempts the prohibited second action more
than once.

23. (currently amended) The method of claim 10 wherein another individual, not the
known party, is notified when the known party attempts to access said specified information
in the database more than once.

24. (currently amended) The method of claim 23 wherein the notification is via e-mail.

25. (original) The method of claim 22 wherein the notification is via e-mail.

26. (currently amended) The method of claim 23 wherein said another individual
is the user's manager or supervisor.

27. (currently amended) The method of claim 23 wherein said another individual
is responsible for data security.

28. (currently amended) The method of claim 22 wherein said another individual is
the user's manager or supervisor.

29. (currently amended) The method of claim 22 wherein said another individual is
responsible for data security.

30. (currently amended) The apparatus of claim 9 wherein the eliminated rule is saved
in an audit log.

31. (currently amended) The method of claim 10 wherein the removed rule is saved
in an audit log.

32. (currently amended) The method of claim 1 wherein the rule is not loaded until a
specified user logs on to the system.

33. (currently amended) The method of claim 1 wherein the rule is only tested for a
specified user.

34. (currently amended) The method of claim 10 wherein the rule is not loaded until a
specified user logs on to the system.

35. (currently amended) The method of claim 10 wherein the rule is only tested for a
specified user.

36. (currently amended) The method of claim 3 wherein the rule is not loaded until a user in
a specified role logs on to the system.
37. (currently amended) The method of claim 3 wherein the rule is only tested for a user in
a specified role.

38. (currently amended) The method of claim 12 wherein the rule is not loaded until a user in
a specified role logs on to the system.

39. (currently amended) The method of claim 12 wherein the rule is only tested for a user in
a specified role.

40. (original) The method of claim 1 wherein the security policy is separation of duties. 

41. (original) The method of claim 1 wherein the security policy is compliance with regulation.

42. (original) The method of claim 1 wherein the security policy is privacy of data. 

43. (currently amended) The method of claim 23 wherein said another individual
is a computer process.

44. (currently amended) The method of claim 22 wherein said another individual is
a computer process.

45. (new) The method of claim 1 wherein said rule is generated upon occurrence of said 
condition. 

46. (new) The apparatus of claim 8 further comprising means for generating said rules upon 
occurrence of said specified action of said first user. 

47. (new) The method of claim 10 wherein said rule is generated upon occurrence of said first 
specified condition. 
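The mechanism recited in claims 1, 8 and 10 and their dependents (a stored rule that is placed into the data access management software when a first condition occurs, refuses the related second action for the bound party or role, and is removed, audit-logged and retained for reuse when a second condition occurs, with a notification when the party retries the prohibited action) can be sketched in code. The following Python is an added example written for this page, not code from the application; the `AccessManager` class, the party and action names, the rule templates and the notification callback are assumptions made for the illustration.

```python
"""Added illustration of the dynamic-rule scheme the claims recite.

Example code written for this page, not code from the application. A rule
template is inert in the rule store until its trigger occurs (a party effects
the first transaction); it is then placed into the access manager, which
refuses the related second action for the bound party or role; when the
release condition occurs the rule is removed, logged and kept for reuse.
Party names, action names and the notification hook are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class RuleTemplate:
    name: str
    trigger: str                    # first action / first specified condition
    forbidden: str                  # second action precluded while active
    release: str                    # second specified condition that rescinds it
    applies_to: str = "same_party"  # or "same_role": binds everyone in the role


@dataclass(frozen=True)
class Event:
    party: str
    role: str
    action: str
    target: str                     # transaction or information acted on


class AccessManager:
    def __init__(self, templates: Iterable[RuleTemplate],
                 notify: Callable[[str, str], None],
                 security_officer: str = "security-officer"):
        self.templates = {t.name: t for t in templates}           # stored rule file
        self.active: Dict[Tuple[str, str], Tuple[str, str]] = {}  # (rule, target) -> (party, role)
        self.attempts: Dict[Tuple[str, str, str], int] = {}
        self.audit: List[Tuple[str, str, str, str]] = []
        self.notify = notify
        self.security_officer = security_officer

    def _blocked_by(self, ev: Event) -> Optional[Tuple[str, str]]:
        """Rule (name, target) prohibiting ev, or None. Only rules bound to
        this party (or its role) are tested; other rules are never evaluated."""
        for (name, target), (party, role) in self.active.items():
            tpl = self.templates[name]
            bound = ev.party == party if tpl.applies_to == "same_party" else ev.role == role
            if bound and ev.action == tpl.forbidden and ev.target == target:
                return name, target
        return None

    def effect(self, ev: Event) -> Tuple[bool, str]:
        """Attempt a transaction. Returns (allowed, message for the party)."""
        hit = self._blocked_by(ev)
        if hit is not None:
            name, target = hit
            key = (ev.party, name, target)
            self.attempts[key] = self.attempts.get(key, 0) + 1
            if self.attempts[key] > 1:      # repeated attempts escalate to another individual
                self.notify(self.security_officer,
                            f"{ev.party} retried {ev.action} on {target} ({self.attempts[key]}x)")
            return False, f"{ev.action} on {target} prohibited pending release of rule {name}"

        for tpl in self.templates.values():
            key = (tpl.name, ev.target)
            if ev.action == tpl.trigger:                            # first condition: place rule
                self.active[key] = (ev.party, ev.role)
                self.audit.append(("placed", tpl.name, ev.target, ev.party))
            elif ev.action == tpl.release and key in self.active:   # second condition: remove it
                party, _ = self.active.pop(key)
                self.audit.append(("removed", tpl.name, ev.target, party))
                self.notify(party, f"rule {tpl.name} on {ev.target} rescinded")
        return True, "ok"


TEMPLATES = [
    # Separation of duties: whoever orders goods may not also pay for them.
    RuleTemplate("sod", trigger="order", forbidden="pay", release="close"),
    # Wall: advising on a deal bars trading it until it is publicly disclosed,
    # bound to everyone in the adviser's role.
    RuleTemplate("wall", trigger="advise", forbidden="trade", release="disclose",
                 applies_to="same_role"),
]


def run_scenario():
    """Constructed sequence of transactions exercising both templates."""
    sent: List[Tuple[str, str]] = []
    am = AccessManager(TEMPLATES, notify=lambda to, msg: sent.append((to, msg)))
    steps = [
        Event("alice", "buyer", "order", "PO-1"),    # places sod rule bound to alice
        Event("alice", "buyer", "pay", "PO-1"),      # refused
        Event("alice", "buyer", "pay", "PO-1"),      # refused; security officer notified
        Event("bob", "buyer", "pay", "PO-1"),        # another party may pay
        Event("carol", "ap", "close", "PO-1"),       # release: rule removed, alice notified
        Event("alice", "buyer", "pay", "PO-1"),      # allowed again
        Event("dan", "analyst", "advise", "ACME"),   # places wall rule bound to analysts
        Event("erin", "analyst", "trade", "ACME"),   # refused: same role as dan
        Event("fay", "pr", "disclose", "ACME"),      # now public: rule removed, dan notified
        Event("erin", "analyst", "trade", "ACME"),   # allowed
    ]
    outcomes = [am.effect(ev)[0] for ev in steps]
    return outcomes, am.audit, sent


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

The rule store holds templates, and a rule only binds to a party (or role) when its trigger is effected; whether that binding is a pre-stored rule being loaded or a rule generated at that moment from the template is a choice of when the template is instantiated. Removal writes to the audit log and leaves the template in place, so the same rule is available the next time the trigger occurs.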